JP6947166B2 - Information processing device and information processing method - Google Patents

Description

The present disclosure relates to an information processing apparatus and an information processing method.

In recent years, with the spread of IC (Integrated Circuit) cards, there has been an active movement to use a plurality of services using one IC card, and many related technologies have been disclosed. For example, Patent Document 1 discloses a technique in which a terminal (reader / writer or the like) or a server appropriately controls a plurality of applications when a plurality of applications process an IC card.

JP-A-2007-279966

However, when an information processing device such as an IC card supports more services, there is a problem that the load on the terminal or the server increases because the processing by the terminal (reader / writer or the like) or the server increases. Therefore, it is required to perform more processing by an information processing device such as an IC card.

Therefore, the present disclosure has been made in view of the above, and the purpose of the present disclosure is to provide a new and improved information processing device capable of linking data and processing related to a plurality of services. To do.

According to the present disclosure, there is provided an information processing apparatus including a processing unit that processes data related to services corresponding to each of a plurality of services associated with a storage medium.

As described above, according to the present disclosure, it is possible to link data and processes related to a plurality of services.

It should be noted that the above effects are not necessarily limited, and together with or in place of the above effects, any of the effects shown herein, or any other effect that can be grasped from this specification. May be played.

It is explanatory drawing which shows an example of the information processing system in this embodiment. It is explanatory drawing which shows the structure of the IC card in this embodiment. It is explanatory drawing which shows the hierarchical structure of the data and the like contained in an IC card. It is explanatory drawing which shows the processing flow which associates the data in this embodiment. It is explanatory drawing which shows the processing flow which sets the program in this embodiment. It is explanatory drawing which shows the operation of an IC card and a reader / writer in this embodiment. It is explanatory drawing which shows the setting pattern of the associated data and a program in this embodiment. It is explanatory drawing which shows the structure of the logic card in this embodiment. It is explanatory drawing which shows the hierarchical structure of the data which is stored in the storage area in this embodiment. It is explanatory drawing which shows the association between storage areas in this embodiment. It is explanatory drawing which shows the hardware structure of the IC card in this embodiment.

Preferred embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings. In the present specification and the drawings, components having substantially the same functional configuration are designated by the same reference numerals, so that duplicate description will be omitted.

The explanations will be given in the following order.
<1. First Example>
1-1. Outline of information processing system 1-2. Configuration of IC card 100 1-3. Data association in IC card 100 1-4. Program settings on the IC card 100 1-5. Operation of IC card 100 and reader / writer 200 <2. Second Example>
<3. Information processing device hardware configuration example>

<1. First Example>
[1-1. Information processing system overview]
First, an outline of the information processing system according to the embodiment of the present disclosure will be described with reference to FIG. FIG. 1 is an explanatory diagram showing an example of an information processing system according to the present embodiment. As shown in FIG. 1, the information processing system according to the present embodiment includes an IC card 100 and a reader / writer 200, and the IC card 100 and the reader / writer 200 are connected by a communication path 300. The IC card 100 in this embodiment is a short-range wireless communication (NFC: Near Field).
It is a non-contact type IC card used for Communication).

Contactless IC cards are information processing devices that have become widespread in recent years by being used in electronic money systems, security systems, and the like. IC cards are broadly classified into contact type IC cards and non-contact type IC cards. The contact type IC card is a type of IC card that communicates with a reader / writer via the module terminal by bringing the module terminal into contact with the reader / writer. On the other hand, the non-contact type IC card is a type of IC card that includes a wireless communication module and performs wireless communication with a reader / writer. Regarding contactless IC cards, when the user uses the IC card, it is not necessary to take out the IC card from the wallet, card case, etc., and it is highly convenient, so it is used when making payments at transportation facilities, retail stores, etc. The number of cases is increasing.

The IC card 100 in the embodiment of the present disclosure is assumed to be a non-contact type IC card as an example, but is not limited to the non-contact type IC card. Specifically, the IC card 100 according to the embodiment of the present disclosure includes, for example, a contact type IC card, various communication devices incorporating the IC card (mobile phone, watch, PDA (Personal Digital Assistant), portable game machine, portable device). It may be embodied by an information processing device such as a type video / audio player) and various servers. That is, the embodiment of the present disclosure is not limited to the form of a card.

Further, a plurality of services can be applied to one IC card 100. Specifically, one IC card 100 can support a plurality of services such as a ticket sales service provided by transportation, a product sales service provided by a retailer, and a personal authentication service provided by a financial institution. .. Then, since the user does not need to have a dedicated IC card in order to use each service, it becomes easy to manage the IC card.

The reader / writer 200 is an information processing device that reads / writes data to / from the IC card 100 by performing non-contact communication with the IC card 100 when the IC card 100 is held by the user. Further, the reader / writer 200 may read / write data from the IC card 100. When the reader / writer 200 and the IC card 100 perform non-contact communication with each other, the user who uses the IC card 100 can enjoy various services.

The reader / writer 200 in the embodiment of the present disclosure is merely an example, and the embodiment of the present disclosure is not limited to the reader / writer 200. Specifically, the reader / writer 200 according to the embodiment of the present disclosure includes, for example, an automatic ticket gate for transportation, a register device for a retail store, a vending machine for various products, an ATM (Automated / Automatic Teller Machine) of a financial institution, and the like. It may be embodied by an information processing device such as various servers.

The communication line 300 is a transmission line for short-range wireless communication (NFC). If the IC card 100 and the reader / writer 200 are replaced with information processing devices such as various servers, the communication path 300 may be a public wireless LAN (Local Area Network), Bluetooth (registered trademark), infrared communication, or the like. It may include public network such as short-range wireless communication network, Internet, telephone network and satellite communication network, various LANs including Ethernet (registered trademark), WAN (Wide Area Network) and the like. Further, the communication path 300 may include a dedicated line network such as IP-VPN (Internet Protocol-Virtual Private Network).

[1-2. Configuration of IC card 100]
In the above, the outline of the information processing system in this embodiment has been described. Subsequently, the configuration of the IC card 100 will be described with reference to FIGS. FIG. 2 is an explanatory diagram showing the configuration of the IC card 100 in the present embodiment, and FIG. 3 is an explanatory diagram showing a hierarchical structure of data and the like included in the IC card 100. As shown in FIG. 2, the IC card 100 includes a processing unit 101, a storage unit 102, a communication unit 103, an encryption unit 104, and a decryption unit 105.

First, the communication unit 103 is an interface for the reader / writer 200, and receives various requests such as a polling request, an authentication message request, and a data read / write request from the reader / writer 200. Further, the communication unit 103 transmits various replies such as a polling reply, an authentication message reply, and a data read / write reply in response to various requests. Although not shown, the communication unit 103 includes, for example, a modulation / demodulation circuit, a front-end circuit, a power supply regeneration circuit, and the like.

The modulation / demodulation circuit modulates and demodulates data by, for example, an ASK (Amplitude Shift Keying) modulation method. The power supply regeneration circuit uses an antenna unit (not shown) to generate electric power due to electromagnetic induction from the RF (Radio Frequency) operating magnetic field of the carrier wave received from the reader / writer 200, and takes it as an electromotive force of the IC card 100. Further, the front-end circuit receives the carrier wave transmitted by the reader / writer 200 by using the antenna unit, demodulates the carrier wave, acquires a command or data from the reader / writer 200, and processes the carrier 101 via the decoding unit. Supply to. Further, the front-end circuit modulates the carrier wave according to a command or data related to a predetermined service generated by the processing unit 101, and transmits the carrier wave from the antenna unit to the reader / writer 200.

The encryption unit 104 and the decryption unit 105 may be composed of hardware such as an encryption coprocessor having an encryption processing function. For example, the encryption unit 104 and the decryption unit 105 according to the present embodiment are composed of a coprocessor corresponding to a plurality of encryption algorithms such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard). By installing such a coprocessor, the IC card 100 can wirelessly communicate with the reader / writer 200 using a plurality of cryptographic algorithms.

The processing unit 101 controls the storage unit 102, the communication unit 103, the encryption unit 104, and the decryption unit 105, and also performs predetermined arithmetic processing, program execution, and the like. For example, when the processing unit 101 communicates with the reader / writer 200 regarding a predetermined service, the processing unit 101 processes the data related to the service stored in the storage unit 102, or processes the data by executing a program. Or do.

The storage unit 102 stores data and the like related to a plurality of services supported by the IC card 100. Specifically, as shown in FIG. 3, the storage unit 102 stores a system, a directory, data, and the like forming a hierarchical structure. Here, the system is a concept of bundling the entire hierarchical structure, and there is one system for each hierarchical structure. Next, the directory is also called an "area" and is a concept for bundling the data under it, and there may be a plurality of directories per one hierarchical structure. Directories can be located under the system or other directories. Finally, the data includes information necessary for providing various services, and there may be a plurality of data per one hierarchical structure. Data can be placed under a system or directory.

When the IC card 100 corresponds to a plurality of services, the data relating to one service may be included under one directory, or may be included in a state of being divided under a plurality of directories. Further, one service may be made up of one piece of data or a plurality of pieces of data.

In the hierarchical structure stored by the storage unit 102, various settings of the system and higher-level directories can affect the directories and data arranged under them. The various settings referred to here are, for example, an authentication key, an authentication method, an access right, and the like for a system, a directory, or data.

For example, the setting of the access right to the directory arranged in the upper level can be the default setting of the access right to other directories and data arranged under the directory. That is, if the access right to the other directory and data is not set separately, the access right setting to the upper directory can be inherited. This function eliminates the need to individually set various settings for directories and data, so that the load of managing directories and data can be reduced.

Further, the storage unit 102 can store data relating to each of the plurality of services in a state of being associated with each other. There are two methods of data association: link association (hereinafter, when referred to as "association", it refers to link association) and programmatic association.

Specifically, as in the association 1 and the association 2 shown in FIG. 3, the processing unit 101 associates the data existing under different directories with each other, or as in the association 3, the data existing under the same directory. Can be associated with. The association is a link association. On the other hand, the processing unit 101 can associate the data with each other by the program set for the data as in the association 4. The association is a programmatic association.

Although not shown, data may be associated between three or more data (or between services). It is assumed that the storage unit 102 is a storage medium provided in the IC card 100. Details regarding the association between data will be described in "1-3. Association of data on the IC card 100".

Further, the storage unit 102 can store these programs in a state where the programs are set for the system, the directory, or the data. Specifically, as shown in FIG. 3, a default program can be set in the system 1, a program 1 can be set in the directory 1, a program 2 or the like can be set in the data 1-1 or the like. Further, as in the program 5, by setting the program for a plurality of data, the above-mentioned data can be associated with each other. Here, the default program is a program set for each system, and is a program that processes directories, data, and programs arranged under the system. However, the default program may operate as a single default program without processing data or the like.

In addition, the program set in the directory and data performs processing on the directory, data and program placed under the directory and data, but even if the program alone operates like the default program. good.

In the hierarchical structure stored by the storage unit 102, various settings such as access rights to the system, directory, or data can affect the programs set under them. For example, the setting of the access right to the directory arranged in the upper level can be the default setting of the access right to the program set under the directory. That is, if the access right to the program is not set separately, the access right setting to the upper directory can be inherited. With such a function, it is not necessary to individually set various settings for the program, so that the management load can be reduced. Details regarding the program settings will be described in "1-4. Program settings on the IC card 100".

[1-3. Data association in IC card 100]
In the above, the configuration of the IC card 100 has been described. As shown in FIG. 3, the storage unit 102 can store data relating to each of the plurality of services in a state of being associated with each other.

As an example, suppose that data A related to service A and data B related to service B are associated with each other. Then, when the processing unit 101 of the IC card 100 is performing the processing related to the service A, the processing unit 101 can perform the processing not only on the data A but also on the data B. Similarly, when the processing unit 101 of the IC card 100 is performing the processing related to the service B, the processing unit 101 can perform the processing not only on the data B but also on the data A.

Here, the access right when the processing unit 101 of the IC card 100 processes the data A and the data B can be flexibly set. For example, when processing related to service A is performed, it is possible to set "read / write", "read / write (for example, only a predetermined operation)", "read", etc. for the access right to data A. can. On the other hand, the access right to the data B can also be set to "read / write", "read / write (for example, only a predetermined operation)", "read / read", and the like. At this time, the access rights set for the data A and the data B may be different.

Further, as shown in FIG. 3, a program can be set for the data. Then, the access right to the program can be flexibly set. For example, it is assumed that the program A is set for the data A and the program B is set for the data B. Then, when the processing related to the service A is performed, the processing unit 101 may set whether both the program A and the program B can be executed, or whether only one of the program A and the program B can be executed. can.

Next, a processing flow for associating data between a plurality of services will be described with reference to FIG. FIG. 4 is a processing flow for associating the data A related to the service A with the data B related to the service B. Here, it is assumed that the reader / writer A in FIG. 4 is a reader / writer corresponding to the service A, and the reader / writer B is a reader / writer corresponding to the service B. Further, since this is an example, the subject in the processing flow is not necessarily limited to the reader / writer A and the reader / writer B. Specifically, the subject in the processing flow can be replaced with a reader / writer A and various servers such as an external system A and an external system B having the same functions as the reader / writer and B. Further, the reader / writer A and the reader / writer B may be integrated.

First, the reader / writer A creates the shared information A (S400) and encrypts the shared information with a predetermined algorithm (S404). Further, the data sharer B creates the shared information B (S408) and encrypts the shared information (S412).

Here, the shared information is various information necessary for associating data, and the shared information includes information related to access right setting between services. Specifically, the shared information A includes access right setting information related to data A and data B, and the shared information B also includes access right setting information related to data A and data B. .. The processing unit 101 associates the data A and the data B by matching the shared information A and the shared information B. For example, when the contents of the shared information A and the shared information B match, the processing unit 101 determines that both the service A and the service B have agreed, and associates the data A and the data B. It should be noted that the shared information A and the shared information B do not have to match in order to make the association.

In addition, the shared information may include information regarding access rights relating to Program A and Program B. The processing unit 101 determines whether or not to share the program A and the program B with both services by matching the information regarding the access right included in the shared information A and the shared information B. In addition, the hash value of the program can be included in the shared information. Then, when the processing unit 101 collates the shared information A and the shared information B, the hash values included in each match, so that the program A and the program B can be shared with both services.

Subsequently, when the user brings the IC card 100 closer to the reader / writer A, the IC card 100 passes through the carrier wave emitted by the reader / writer A. Then, the power supply regeneration circuit included in the communication unit 103 of the IC card 100 generates electric power. Then, the IC card 100 is activated by using the electric power as an electromotive force (S416).

Next, the reader / writer A transmits a polling request to the IC card 100 (S420). Specifically, the reader / writer 200 may continue to send a polling request even before the IC card 100 approaches.

The polling request includes identification information for identifying the type of the IC card 100. The identification information may be any identification information as long as it can identify the type of the IC card 100, and may be a system code, an ID, or the like. In this embodiment, the system code will be described as identification information. Specifically, the reader / writer 200 can perform polling in which the type of the desired IC card to be processed is specified by the system code, so that only the desired type of the IC card is reacted and the polling reply is made. .. That is, even if the poll is received except for the desired IC card, the poll reply is not transmitted because the system code included in the poll is different. Then, for example, when the user approaches the reader / writer 200 in a state where a plurality of types of IC cards are stacked, processing can be performed only on the desired IC card. In this embodiment, it is assumed that the IC card 100 holds the system code A.

The IC card 100 that has received the polling request transmits a polling reply to the reader / writer A (S424). Upon receiving the polling reply, the reader / writer A creates an authentication message request and transmits the authentication message request to the IC card 100 (S428). When the IC card 100 receives the authentication message request from the reader / writer A, the IC card 100 creates an authentication message reply and transmits the authentication message reply to the reader / writer A (S432). By such processing, mutual authentication between the IC card 100 and the reader / writer A is completed. After the mutual authentication is completed, the reader / writer A transmits a shared information A arrangement request (S436) to the IC card 100, and the IC card 100 stores the shared information A in the storage unit 102 in response to the request. Then, the IC card 100 transmits the shared information A arrangement reply to the reader / writer A (S440).

The reader / writer B stores the shared information B in the storage unit 102 of the IC card 100 by the processing of S444 to S464. Since the content of the process is the same as the content of the process (S420 to S440) in the reader / writer A described above, the description thereof will be omitted.

Subsequently, either the reader / writer A or the reader / writer B makes a data sharing request. For example, as shown in FIG. 4, the reader / writer B corresponding to the service B requests the IC card 100 to share the data A related to the service A (S468). Then, the processing unit 101 of the IC card 100 collates the shared information A and the shared information B (S472). Then, if the matching is successful, the data A relating to the service A and the data B relating to the service B are associated with each other (S476). On the other hand, if the match is unsuccessful, no data association is made.

Although the data association between the service A and the service B has been described, the data association in the three or more services may be performed. Furthermore, it is possible to associate a plurality of data related to the same service with each other.

Further, it is assumed that the processing flow for associating the data described with reference to FIG. 4 is performed when the IC card 100 is approached by the reader / writer by the user. However, the association between data is not limited to the method described with reference to FIG. 4, and is possible as long as the IC card 100 can communicate with the external system. Of course, it is also possible to associate the data with each other at the time of manufacturing the IC card 100.

[1-4. Program settings on IC card 100]
In the above, the association between the data stored in the storage unit 102 has been described. Next, the functions that can be set by the program for the system, directory, or data will be described.

As described with reference to FIG. 3, the storage unit 102 can store the programs in the state of setting the programs for the system, the directory, or the data. Then, for example, the processing unit 101 can perform processing on the data by executing the program set in the data. With this function, it is possible to flexibly set the target to be processed by the program, so that it is possible to provide services and operate the IC card more flexibly as compared with the conventional IC card. For example, in a conventional IC card, since the authentication method is uniformly determined, it is difficult to change or revise the authentication method for some services. On the other hand, in this embodiment, the program for authentication can be changed to a system, a directory, or a data unit. Then, each service can select the corresponding authentication method. Furthermore, each service can select a different authentication method or change the authentication method independently. Of course, the same authentication method may be selected for each service.

Further, conventionally, when data related to different services are associated with each other, and when processing is performed on both data, it is necessary to share key information between the services. On the other hand, in the present embodiment, a program including key information for the data of each service can be set for the data associated between different services. At this time, the key information for the data of both services included in the program is encrypted, so that the content of the key information cannot be decrypted. When the processing unit 101 executes the program including the key information, the processing unit 101 can process the data of both services. That is, each service provider can process the data associated between the services without sharing the contents of the key information. Of course, the key information does not need to be encrypted, and the key information may be set in the program in a state where the key information is disclosed between services. Here, the key information may be any information as long as it is some kind of information for realizing authentication.

Therefore, next, a method of setting a program for a system, a directory, or data will be described with reference to FIG. The reader / writer shown in FIG. 5 is merely an example, and the subject in the processing flow is not necessarily limited to the reader / writer. Specifically, the subject in the processing flow can be replaced by various servers such as an external system having a function equivalent to that of a reader / writer.

FIG. 5 is an explanatory diagram showing a flow for setting a program in the present embodiment. A reader / writer creates a program (S500) and encrypts the program with a predetermined algorithm (S504). The encrypted program is set in the IC card 100 through the steps S508 to S524. Here, since the content of the processing of S508 to S524 is the same as the content of the processing of S416 to S432 described above, the description thereof will be omitted.

Next, a program placement request is transmitted from the reader / writer to the IC card 100 (S528), and when the IC card 100 receives the program placement request, the encrypted program is stored in the storage unit 102. Then, the IC card 100 completes the program placement by transmitting the program placement reply to the external system (S532).

The processing flow for arranging the program described with reference to FIG. 5 is assumed to be performed when the IC card 100 is approached by the reader / writer 200 by the user. However, the method of arranging the program is not limited to the method described with reference to FIG. 5, and it is possible as long as the IC card 100 can communicate with the external system. Of course, it is also possible to arrange the program at the time of manufacturing the IC card 100.

[1-5. Operation of IC card 100 and reader / writer 200]
The above describes how to set up a program for a system, directory or data. Subsequently, the operation of the IC card 100 and the reader / writer 200 in this embodiment will be described with reference to FIG.

Here, since the content of the processing of S600 to S616 in FIG. 6 is the same as the content of the processing of S416 to S432 in FIG. 4 described above, the description thereof will be omitted. By performing S616, after the mutual authentication is completed, the reader / writer 200 can transmit a data read / write request (S620) to the IC card 100, and the IC card 100 performs processing according to the request. Can be done. Further, the IC card 100 transmits a data read / write reply to the reader / writer 200 as a result of executing the process according to the request (S624).

Subsequently, with reference to FIGS. 3 and 7, the details of the processing performed by the processing unit 101 of the IC card 100 in response to the data read / write request (S620) from the reader / writer 200 will be described.

As described with reference to FIG. 3, the storage unit 102 can store data relating to each of the plurality of services in a state of being associated with each other. By such an association, the processing unit 101 of the IC card can process not only the data related to one service but also the data related to the other service associated with the data. For example, when processing the data 1-1 shown in FIG. 3, the processing unit 101 recognizes that the data 1-1 and the data 1-1-1 are associated with each other by the association 1. Then, the processing unit 101 can also process the data 1-1-1. Further, for example, the processing unit 101 executes the program 5 shown in FIG. 3 to execute data 2-4.
Since the processing for the data 2-5 is defined in the program 5, the processing for the data 2-5 can also be performed.

With such a configuration, since it is not necessary to perform polling or authentication processing for each service in order to process data related to different services, the load due to the processing of the reader / writer 200 can be reduced and the processing speed can be improved. Can be done.

Further, as described above, the storage unit 102 can store these programs in a state where the programs are set for the system, the directory, or the data. With such a configuration, the program can be set more flexibly as compared with the case where the program can be set only in the IC card or the system unit. Then, for example, when setting a new program, it is not necessary to apply the new program to the entire IC card, and the program can be set only for the data related to the necessary services. Further, when the program is revised, it is not necessary to revise the program of the entire IC card, and only the individual programs set for the service can be revised. Therefore, such a configuration can limit the risks associated with the installation of new programs and the revision of programs. Specifically, a different authentication method (authentication key encryption method, etc.) can be set for each service, and the authentication method can be easily changed for each service.

Here, the program set for the system, directory or data can operate in various patterns. For example, a program can execute processing by itself (without processing a directory or data). For example, when the program generates a random number used for authentication. The program can also perform processing on directories and data. For example, when making a payment from electronic money stored in an IC card when purchasing a product. Further, the program can be automatically executed when authenticating with a directory or data, or when performing some processing on the directory or data. For example, when a coupon is issued for a certain product and the user purchases the product, the coupon program is automatically executed and the selling price is reduced. By processing the program in various patterns as described above, various services can be provided by using the IC card 100.

Next, with reference to FIG. 7, a pattern of how to set the associated data and the program will be described. A is a pattern in which a program is not set for the associated data (association 3 in FIG. 3). B and C are patterns in which a program is set for a part of the associated data (association 2 and program 4 in FIG. 3). D is a pattern in which a program is set for all of the associated data (association 1 and programs 2 and 3 in FIG. 3).

With such a configuration, the processing unit 101 of the IC card can perform processing on the associated data by executing the program, so that processing can be performed on different services. Therefore, in order to process data related to different services, it is not necessary to perform polling, authentication processing, and program execution for each service, so that the load due to the processing of the reader / writer 200 can be reduced and the processing speed is improved. be able to.

<2. Second Example>
Hereinafter, as a second embodiment, an example in which the physical card, which is the IC card 100, has a plurality of logical cards will be described with reference to FIG. FIG. 8 is an explanatory diagram showing the configuration of the logic card in the present embodiment.

Here, the logical card is an IC card virtually created in the physical card. In other words, it means dividing the resources (storage area, etc.) of one physical card and allocating them to a plurality of logical cards.

As shown in FIG. 8, the physical card in the present embodiment holds a physical card type as identification information, and has a logical card 1 and a logical card 2. On the other hand, the logical card 1 holds the logical card type 1 as the identification information and has the security model 1. Like the logical card 1, the logical card 2 also holds the logical card type 2 and has the security model 2.

Here, the security model refers to a hierarchical structure and a program structure composed of a system, a directory, data, or the like described in the "first embodiment". That is, in the second embodiment, a hierarchical structure and a program structure are provided for each logical card. With such a configuration, it is possible to provide services more flexibly as compared with the case where the physical card does not have a plurality of logical cards. For example, since a hierarchical structure such as data can be formed for each service, it is possible to set a data structure and a program suitable for each service provider.

Next, on the premise of the configuration described with reference to FIG. 8, the hierarchical structure of data and the like stored in the storage area in the present embodiment will be described with reference to FIG. Here, the storage area of FIG. 9 corresponds to the logical card of FIG. 8, and the system code of FIG. 9 corresponds to the logical card type of FIG.

As shown in FIG. 9, the storage unit 102 of the IC card 100 has a plurality of storage areas. Similar to the first embodiment, each storage area stores a hierarchical structure such as a system, a directory, or data, a program, and the like.

Further, as in the first embodiment, the storage unit 102 can store data relating to each of the plurality of services in a state of being associated with each other, and sets a program for the system, the directory, or the data. can do.

Further, in the second embodiment, the processing unit 101 can associate data relating to each of the plurality of services in each storage area between different storage areas (association 5). Specifically, the processing unit 101 can link or programmatically associate different storage areas. Although FIG. 9 shows how the data is associated between the two storage areas, the data may be associated between the three or more storage areas. In addition, the data associated between the storage areas may be further associated with other data in the storage area (not shown).

By such an association, the processing unit 101 of the IC card can perform processing on the associated data, so that processing can be performed on different storage areas. For example, when processing the data 2-4 in the storage area 1, the processing unit 101 recognizes that the data 2-4 and the data 1-1-2 in the storage area 2 are associated with each other by the association 5. do. Then, the processing unit 101 can also process the data 1-1-2 in the storage area 2. Further, for example, when the processing unit 101 executes the program 5 shown in FIG. 9 to process the data 2-4, the data 2-5 and the data 1-1-2 of the storage area 2 are processed in the program 5. Since the processing of is defined, the processing can also be performed on the data 2-5 and the data 1-1-2 of the storage area 2.

Therefore, in order to process data related to different storage areas (services) as in the first embodiment, it is not necessary to perform polling, authentication processing, etc. for each storage area (service). The load can be reduced and the processing speed can be improved.

When data is associated between different storage areas as described above, by performing processing on the associated data, in order to perform processing on different storage areas, different storage areas are activated. There is a need. Therefore, subsequently, a method of activating different storage areas will be described with reference to FIG.

First, the IC card 100 is divided to create not only the storage area 1 but also the storage area 2 (S700). The storage area 1 holds the system code A as the identification information, and the storage area 2 holds the system code B as the identification information. The identification information may be any identification information as long as it can identify the storage area, and may be an ID or the like.

Subsequently, the system code 2, which is the second system code, is assigned to the storage area (S704). With such a configuration, the storage area to which the system code 2 is assigned can not only behave as a storage area to which the system code 1 is assigned, but can also behave as a storage area to which the system code 2 is assigned. For example, in FIG. 10, since the system code A is assigned to the storage area 2 as the system code 2, the processing unit 101 makes a polling request for which the system code A is specified from the reader / writer 200 by the communication unit 103. When received, not only the storage area 1 but also the storage area 2 is specified and activated.

Therefore, for example, in S604 of FIG. 6, when the polling request for which the system code A is specified is transmitted from the reader / writer 200, not only the storage area 1 but also the storage area 2 can be activated.

In addition to the method of assigning the system code 2, it is possible to activate different storage areas by associating them by bridging the different storage areas (S708).

<3. Information processing device hardware configuration example>
The information processing system according to the embodiment of the present disclosure has been described above. The information processing in the above-mentioned information processing system is realized by the cooperation between the software and the hardware of the IC card 100 described below. Hereinafter, the hardware configuration of the IC card 100 according to the present embodiment will be described with reference to FIG.

The antenna 172 is composed of, for example, a resonance circuit including a coil (inductor) L1 having a predetermined inductance and a capacitor C1 having a predetermined capacitance, and generates an induced voltage by electromagnetic induction in response to reception of a carrier. .. Then, the antenna 172 outputs a reception voltage obtained by resonating the induced voltage at a predetermined resonance frequency. Here, the resonance frequency of the antenna 172 is set according to the frequency of the carrier wave, for example, 13.56 [MHz]. The antenna 172 receives the carrier wave according to the above configuration, and also transmits the response signal by the load modulation performed in the load modulation circuit 186 included in the IC chip 170.

The IC chip 170 includes a carrier detection circuit 176, a detection circuit 178, a regulator 180, a demodulation circuit 182, an MPU 184, and a load modulation circuit 186. Although not shown in FIG. 11, the IC chip 170 may further include, for example, a protection circuit (not shown) for preventing an overvoltage or an overcurrent from being applied to the MPU 184. Here, examples of the protection circuit (not shown) include a clamp circuit composed of a diode or the like.

Further, the IC chip 170 includes, for example, a ROM 188, a RAM 190, and a non-volatile memory 192. The MPU 184, the ROM 188, the RAM 190, and the non-volatile memory 192 are connected by, for example, a bus 194 as a data transmission path.

The ROM 188 stores control data such as programs and calculation parameters used by the MPU 184. The RAM 190 temporarily stores the program executed by the MPU 184, the calculation result, the execution state, and the like.

The non-volatile memory 192 stores various data such as encryption key information used for mutual authentication in NFC, electronic value, and various applications. Here, examples of the non-volatile memory 192 include an EEPROM (Electrically Erasable and Programmable Read Only Memory) and a flash memory. The non-volatile memory 192 corresponds to, for example, an example of a secure recording medium having tamper resistance.

The carrier detection circuit 176 generates, for example, a rectangular detection signal based on the reception voltage transmitted from the antenna 172, and transmits the detection signal to the MPU 184. Further, the MPU 184 uses the transmitted detection signal as, for example, a processing clock for data processing. Here, since the detection signal is based on the reception voltage transmitted from the antenna 172, it is synchronized with the frequency of the carrier wave transmitted from an external device such as the reader / writer 200. Therefore, by providing the carrier detection circuit 176, the IC chip 170 can perform processing with an external device such as a reader / writer 200 in synchronization with the external device.

The detection circuit 178 rectifies the received voltage output from the antenna 172. Here, the detection circuit 178 is composed of, for example, a diode D1 and a capacitor C2.

The regulator 180 smoothes the received voltage, makes it a constant voltage, and outputs the drive voltage to the MPU 184. Here, the regulator 180 uses the DC component of the received voltage as the drive voltage.

The demodulation circuit 182 demodulates the carrier wave signal based on the received voltage, and outputs data corresponding to the carrier wave signal included in the carrier wave (for example, a binarized data signal of high level and low level). Here, the demodulation circuit 182 outputs the AC component of the received voltage as data.

The MPU 184 drives the drive voltage output from the regulator 180 as a power source, and processes the demodulated data in the demodulation circuit 182. Here, the MPU 184 is composed of, for example, one or more processors composed of arithmetic circuits such as MPU, various processing circuits, and the like.

Further, the MPU 184 selectively generates a control signal for controlling the load modulation related to the response to the external device such as the reader / writer 200 according to the processing result. Then, the MPU 184 selectively outputs the control signal to the load modulation circuit 186.

The load modulation circuit 186 includes, for example, a load Z and a switch SW1, and performs load modulation by selectively connecting (activating) the load Z according to a control signal transmitted from the MPU 184. Here, the load Z is composed of, for example, a resistor having a predetermined resistance value. Further, the switch SW1 is composed of, for example, a p-channel type MOSFET (Metal Oxide Semiconductor Field effect transistor) or an n-channel type MOSFET.

With the above configuration, the IC chip 170 can process the carrier signal received by the antenna 172 and cause the antenna 172 to transmit a response signal by load modulation.

By having the configuration shown in FIG. 11, for example, the IC chip 170 and the antenna 172 communicate with an external device such as a reader / writer 200 by NFC using a carrier wave having a predetermined frequency. Needless to say, the configurations of the IC chip 170 and the antenna 172 according to the present embodiment are not limited to the example shown in FIG.

Here, it is the MPU 184 that functions as the processing unit 101 of the IC card 100 shown in FIG. It is the ROM 188, the RAM 190 or the non-volatile memory 192 that functions as the storage unit 102. The communication unit 103 functions as an antenna 172, a carrier detection circuit 176, a detection circuit 178, a regulator 180, a demodulation circuit 182, and a load modulation circuit 186. The encryption unit 104 and the decryption unit 105 are MPU 184s like the processing unit 101.

Although the preferred embodiments of the present disclosure have been described in detail with reference to the accompanying drawings, the technical scope of the present disclosure is not limited to such examples. It is clear that anyone with ordinary knowledge in the technical field of the present disclosure may come up with various modifications or modifications within the scope of the technical ideas set forth in the claims. Is, of course, understood to belong to the technical scope of the present disclosure.

For example, the configuration of the IC card 100 may be provided outside the IC card. Specifically, the encryption unit 104 and the decryption unit 105 may be included in an external information processing device. Further, the encryption unit 104 and the decryption unit 105 may not be provided.

Further, for example, all the functions of the IC card 100 may be embodied by the processing unit 101. That is, the processing unit 101 may realize the functions of the storage unit 102, the communication unit 103, the encryption unit 104, and the decryption unit 105. Of course, some functions of the IC card 100 may be embodied by the processing unit 101.

In addition, the effects described herein are merely explanatory or exemplary and are not limited. That is, the techniques according to the present disclosure may exhibit other effects apparent to those skilled in the art from the description herein, in addition to or in place of the above effects.

The following configurations also belong to the technical scope of the present disclosure.
(1)
It is provided with a processing unit that processes data related to services corresponding to each of a plurality of services associated with a storage medium.
Information processing device.
(2)
When the associated data about the service is stored in different storage areas in the storage medium
The processing unit processes data related to the service stored in different storage areas.
The information processing device according to (1) above.
(3)
The processing unit identifies the storage area in which data related to the associated service is stored, based on the identification information that identifies the storage area.
The information processing device according to (2) above.
(4)
One or two or more of the identification information is set in the storage area, and the identification information is set.
The processing unit identifies the storage area in which the one or more identification information is set, which matches the acquired identification information.
The information processing device according to (3) above.
(5)
The different storage areas have different security models.
The information processing device according to any one of (2) to (4) above.
(6)
The processing unit processes data related to the service based on the key information corresponding to each of the services or the data.
The information processing device according to any one of (1) to (5) above.
(7)
The key information corresponding to each of the services or the data differs for each service or each of the data.
The information processing device according to (6) above.
(8)
The processing unit processes data related to the service based on the authentication method corresponding to each of the services.
The information processing device according to any one of (1) to (7) above.
(9)
The authentication method corresponding to each of the services differs for each service.
The information processing device according to (8) above.
(10)
Access rights are set for the associated data related to the service for each data related to the service.
The information processing device according to any one of (1) to (9) above.
(11)
When the data related to the service corresponding to each of the plurality of services is associated by the program associated with the data related to the service.
The processing unit processes the data related to the associated service by executing the program.
The information processing device according to any one of (1) to (10) above.
(12)
The data related to the service corresponding to each of the plurality of services is associated with the shared information associated with each of the data related to the service.
The information processing device according to any one of (1) to (11).
(13)
The information processing device is a non-contact IC card or a communication device.
The information processing device according to any one of (1) to (12).
(14)
It has the ability to process data about services associated with each of a plurality of services associated with a storage medium.
An information processing method executed by an information processing device.

100 IC card (information processing device)
101 Processing unit 102 Storage unit 103 Communication unit 104 Encryption unit 105 Decryption unit 200 Reader / writer 300 Communication path

Claims (11)

An information processing device that has the function of a contactless IC (integrated circuit) card.
Associated with the storage medium, comprising a processing unit for processing the data relating to services corresponding to a plurality of services,
When the associated data about the service is stored in different storage areas in the storage medium
The processing unit processes data related to the service stored in different storage areas having different security models.
Information processing device. The processing unit identifies the storage area in which data related to the associated service is stored, based on the identification information that identifies the storage area.
The information processing device according to claim 1. One or two or more of the identification information is set in the storage area, and the identification information is set.
The processing unit identifies the storage area in which the one or more identification information is set, which matches the acquired identification information.
The information processing device according to claim 2. The processing unit processes data related to the service based on the key information corresponding to each of the services or the data.
The information processing device according to claim 1. The key information corresponding to each of the services or the data differs for each service or each data.
The information processing device according to claim 4. The processing unit processes data related to the service based on the authentication method corresponding to each of the services.
The information processing device according to claim 1. The authentication method corresponding to each of the services differs for each service.
The information processing device according to claim 6. Access rights are set for the associated data related to the service for each data related to the service.
The information processing device according to claim 1. When the data related to the service corresponding to each of the plurality of services is associated by the program associated with the data related to the service.
The processing unit processes the data related to the associated service by executing the program.
The information processing device according to claim 1. The data related to the service corresponding to each of the plurality of services is associated with the shared information associated with each of the data related to the service.
The information processing device according to claim 1. An information processing method executed by an information processing device having the function of a non-contact IC card.
Includes processing data about services associated with each of the multiple services associated with the storage medium.
When the associated data about the service is stored in different storage areas in the storage medium
Process data about the service stored in different storage areas with different security models.
Information processing method.

Images